Corporate Network Security

ABSTRACT

Corporate Network Security is one of the most underrated considerations within today’s business world. This spotlight’s, on a more fundamental level, where management teams struggle to align their Information Technology infrastructure with business goals, business objectives, business practices and procedures.

Successful management teams are cognizant of two things. First, they are acutely aware that technology is integrated in most every facet of business. As a result, secondly, they realize the importance of having an Information Technology infrastructure properly aligned and supporting of the business purpose and organizational systems. They will go about business in ensuring that the information (technology) strategy and organizational strategy fit the business strategy.

INTRODUCTION

The purpose of Corporate Network Security is to mitigate risks of unauthorized access and protecting network systems and resources, while ensuring maximum systems uptime, data integrity and availability. In this paper, I intend to outline many areas that make up the concept of Corporate Network Security, look at many areas where companies struggle, while providing examples of companies doing things right, or making recommendations in such areas.

WHAT ARE THE RISKS

The threats and risks that businesses face to their corporate network security are real and plentiful. For example, compromised data, construed as a business asset, can be used to the benefit of competitors, which becomes detrimental to a company’s potential strategic advantage; compromised personal information, such as social security numbers or financial information, can create legal liability (more than 158 million personal data records have been exposed since February 2005 (Vanhorn, 2007)); information and data can be physically destroyed, wasting considerable manpower productivity; and your own ability to work can be hampered when a system is compromised by rendering it inoperable.

METHODS OF ATTACK

Some of the numerous ways a network can be attacked and how data and information can be compromised include Denial of Service attacks, backdoors, spoofing, phishing, password attacks (guessing, brute force, dictionary style), software / operating system exploitation, malicious code (viruses, adware, spyware, worms, trojans, browser hijackers), and physical thievery.

MANAGEMENT SUPPORT AND TEAMWORK

Suppose you have a company, which has grown leaps and bounds, to the point where they are in dire need of some form of an enterprise system, such as a CRM (Customer Relationship Management) system or an ERP (Enterprise Resource Planning) system, that would help take antiquated “doing things by hand” type processes to a more efficient and effective electronic method, because they have grown to such a point where managing their information necessitates such a system and the old ways of doing things have just become too cumbersome and are not effective in performing day-to-day functions.

While a company’s management team, as a whole, will all share the realization that such a system is necessary; depending on how the company is set up to deal with such endeavors will be a huge key in how successful such a systems implementation will go. How a company’s management team is set up to plan, procure, and execute such endeavors, will largely dictate success.

One common scenario is where the Information Technology professionals within the company happen to wield significant power and exert significant influence into what system is chosen. This type of scenario is the organizational strategy and business strategy matching the objectives of the information (technology) strategy, which is an atrocity waiting to happen. Commonly in such situations, Information Technology will end up putting in a system that does not match the requirements of the business goals and organizational procedures.

As a result, there will be all sorts of internal dissention, in-fighting amongst departments / business units and Information Technology. Even worse, after such a significant investment of time and money into the initial implementation, the management team will ultimately move forward with whatever is necessary to make the system work, sometimes requiring expert-level consultants and such, when the system shortcomings are realized. Between the internal issues (disgruntled employees resulting in morale issues and productivity losses), and the efforts (time / materials / manpower) in attempting to make the system right and attaining the level of functionality desired, will cost significantly more money than originally budgeted and affect the bottom line in ways they were not likely to anticipate.

Conversely, another typical scenario occurs when companies look at Information Technology as just a cost center or a support center, and fail to see how deeply IT actually affects the organizational strategy and the business strategy. That ignorant perception will facilitate another common situation, finding a management team getting together, with non-existent or minimal representation from Information Technology, and moving forward with making decisions on what system will be chosen. After a decision has been made, the brass will then hand everything over to Information Technology and say implement X system.

In this case, the shortcomings will fall on the IT end, where the IT folks are apt to find problems citing issues like systems incompatibility with the existing infrastructure; systems requirements that fall beyond what is already in place, necessitating unplanned and unbudgeted back-end and infrastructure; and a plethora of other potential possible and unforeseen issues. In the end, this will all fall upon management’s deaf ears, where they will point the fingers back to IT for their inability to get the system implemented. This will cause significant delays and monetary expenditures not originally accounted for.

While the example used in conceptualizing management not being in-line with IT, or even more importantly вЂ" information (technology) strategy not being in line with organizational and business strategy, it may raise the question, what does this have to do with Corporate Network Security? A lot.

Relatively speaking, because so much discord between management and Information Technology exists, in addition to a company’s inability to properly integrate Information Technology to fit their organizational and business

...